
SANS ISC: What's up with port 8881? SANS ISC InfoSec Forums

What's up with port 8881?

As I've noted in the past, one of the tools that I really like here and that is available to the public is our port detail. So, as the result of a conversation at the day job the other day, I decided to take a look at the last 11 months of traffic on port 8881. Below is the graph. Does anyone know what happened in September that led to a huge increase in traffic? If you look at the ASCII table, you can see the number of destinations stayed in the range of roughly 5-15, but the number of sources has gone up tremendously. Also, the mix of TCP to UDP dropped to roughly 75-85% (which may actually point to an answer, but I'll save my conjecture for an update). So, if anyone has a packet capture they'd like to share, please upload through the contact page.

 port 8881 graph

 

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) org


Jim

416 Posts
ISC Handler
Jan 15th 2011
I don't have a capture... but I recall hearing something about this port and its connection with Bitdefender 2011 months back... something about p2p update or something. BD 2011 was released around September...
Anonymous
See the conversation at:
http://forum.bitdefender.com/index.php?showtopic=21924
Anonymous
SpeedGuide has other information on port 8881 - hxxp://www.speedguide.net/port.php?port=8881
HackDefendr

65 Posts
